Home Intel Hub T01 - SANS Internet Storm Center, InfoCON: green Apple Patches Exploited Vulnerability, (Wed, Apr 16th)

Apple Patches Exploited Vulnerability, (Wed, Apr 16th)

SANS Internet Storm Center, InfoCON: green 2025-04-16

 

Today, Apple patched two vulnerabilities that had already been exploited. The vulnerabilities were exploited against iOS but also exist in macOS, tvOS, and visionOS. Apple released updates for all affected operating systems.

 

iOS 18.4.1 and iPadOS 18.4.1 macOS Sequoia 15.4.1 tvOS 18.4.1 visionOS 2.4.1 CVE-2025-31200: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.. Affects CoreAudio x x x x CVE-2025-31201: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.. Affects RPAC x x x x

--- Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.